British co-operative group Co-op group is recovering from a cyber intrusion that led to the intentional disabling of key IT systems.
The company, which operates 2,000 outlets such as grocery stores and funeral services, partially shut down its digital infrastructure in response to the cyber-attack in late April 2025.
Go deeper with GlobalData
The chain is now working with its suppliers to restock empty shelves.
A spokesperson said: “Following the malicious third-party cyber-attack, we took early and decisive action to restrict access to our systems in order to protect our Co-op. We are now in the recovery phase and are taking steps to bring our systems gradually back online in a safe and controlled manner.”
Customers have noted a lack of products on shelves, with those living in remote areas of Scotland experiencing significant inconvenience due to the scarcity of alternative shopping options, as reported in the Guardian.
The group had previously implemented contingency plans prioritising these vulnerable locations, but store inventories are not expected to improve until 17/18 May.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataThe spokesperson added: “There will be improved stock availability in our food stores and online from this weekend and we are working closely with our suppliers to restock our stores. Our stock ordering system is now fully online, and we have switched all our orders back to the normal supply processes and systems.”
Contactless and chip-and-pin methods of payment are operational throughout all Co-op stores.
“We’d like to thank all our colleagues, members, partners and suppliers for their support so far. We will provide further updates to our members as we continue to make progress from this cyber-attack,” the spokesperson concluded.
In early May, Co-op disclosed that hackers had extracted customer data such as names and contact details, but not passwords or financial information.
Marks & Spencer, another victim of the cyber incident, also acknowledged that customer data had been compromised during an attack that disrupted its operations in April/May 2025.
Alphabet’s Google reports that cyber attackers who have caused significant operational setbacks for retail businesses in the UK are now shifting their focus towards comparable entities in the US.
A statement from Google cybersecurity arm analyst John Hultquist was quoted by Reuters: “US retailers should take note. These actors are aggressive, creative and particularly effective at circumventing mature security programmes.”
Hultquist identified the responsible party as a collective linked to “Scattered Spider” – a network of hackers with loose affiliations. Reports have widely attributed the highly disruptive cyber-attack on M&S to this group.
